Diffstat (limited to 'code/api/src/Utilities/BasicAuthenticationHandler.cs')
| -rw-r--r-- | code/api/src/Utilities/BasicAuthenticationHandler.cs | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/code/api/src/Utilities/BasicAuthenticationHandler.cs b/code/api/src/Utilities/BasicAuthenticationHandler.cs
index 3b92293..41486ef 100644
--- a/code/api/src/Utilities/BasicAuthenticationHandler.cs
+++ b/code/api/src/Utilities/BasicAuthenticationHandler.cs
@@ -1,7 +1,6 @@
 using System.Net.Http.Headers;
 using System.Text;
 using System.Text.Encodings.Web;
-using IOL.GreatOffice.Api.Models.Database;
 using Microsoft.Extensions.Options;
 
 namespace IOL.GreatOffice.Api.Utilities;
@@ -16,17 +15,18 @@ public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSc
 IOptionsMonitor<AuthenticationSchemeOptions> options,
 ILoggerFactory logger,
 UrlEncoder encoder,
- ISystemClock clock,
 MainAppDatabase context,
 VaultService vaultService
 ) :
- base(options, logger, encoder, clock) {
+ base(options, logger, encoder)
+ {
 _context = context;
 _configuration = vaultService.GetCurrentAppConfiguration();
 _logger = logger.CreateLogger<BasicAuthenticationHandler>();
 }
 
- protected override Task<AuthenticateResult> HandleAuthenticateAsync() {
+ protected override Task<AuthenticateResult> HandleAuthenticateAsync()
+ {
 var endpoint = Context.GetEndpoint();
 if (endpoint?.Metadata.GetMetadata<IAllowAnonymous>() != null)
 return Task.FromResult(AuthenticateResult.NoResult());
@@ -34,9 +34,11 @@ public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSc
 if (!Request.Headers.ContainsKey("Authorization"))
 return Task.FromResult(AuthenticateResult.Fail("Missing Authorization Header"));
 
- try {
+ try
+ {
 var tokenEntropy = _configuration.APP_AES_KEY;
- if (tokenEntropy.IsNullOrWhiteSpace()) {
+ if (tokenEntropy.IsNullOrWhiteSpace())
+ {
 _logger.LogWarning("No token entropy is available in env:TOKEN_ENTROPY, Basic auth is disabled");
 return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header"));
 }
@@ -47,16 +49,19 @@ public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSc
 var decryptedString = Encoding.UTF8.GetString(credentialBytes).DecryptWithAes(tokenEntropy);
 var tokenIsGuid = Guid.TryParse(decryptedString, out var tokenId);
 
- if (!tokenIsGuid) {
+ if (!tokenIsGuid)
+ {
 return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header"));
 }
 
 var token = _context.AccessTokens.Include(c => c.User).SingleOrDefault(c => c.Id == tokenId);
- if (token == default) {
+ if (token == default)
+ {
 return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header: Not Found"));
 }
 
- if (token.HasExpired) {
+ if (token.HasExpired)
+ {
 return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header: Expired"));
 }
 
@@ -72,7 +77,9 @@ public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSc
 var ticket = new AuthenticationTicket(principal, AppConstants.BASIC_AUTH_SCHEME);
 return Task.FromResult(AuthenticateResult.Success(ticket));
 
- } catch (Exception e) {
+ }
+ catch (Exception e)
+ {
 _logger.LogError(e, $"An exception occured when challenging {AppConstants.BASIC_AUTH_SCHEME}");
 return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header"));
 }
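Review bot: The warning logged when `tokenEntropy` is blank points the operator at `env:TOKEN_ENTROPY`, but the value actually checked on the line above is `_configuration.APP_AES_KEY`, so anyone chasing this message will inspect the wrong setting while Basic auth silently stays disabled. Suggest `_logger.LogWarning("No AES key is available in APP_AES_KEY, Basic auth is disabled");` so the log names the real source of the key. The `try` opened in this hunk is closed in a later hunk, and `HandleAuthenticateAsync` continues outside it.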
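Review bot: `if (token == default)` on the reformatted null check compares a reference type against `default`, where `if (token is null)` is the idiomatic form and cannot be affected by an `==` overload on the entity type. Separately, the three `Fail(...)` results in this hunk carry distinct reasons ("Invalid Authorization Header", ": Not Found", ": Expired"); the default challenge does not write the failure message to the response, but if a custom challenge or error middleware ever surfaces it, a caller could tell a well-formed unknown token id apart from an expired one, so consider keeping the client-facing reason uniform and logging the specific cause server-side instead. The enclosing `try` starts in an earlier hunk and ends in a later one.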
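Review bot: The `catch (Exception e)` reformatted here still maps every failure inside the `try` — including the `_context.AccessTokens` lookup failing because the database is unavailable — to `AuthenticateResult.Fail("Invalid Authorization Header")`, so an infrastructure outage is reported to clients as bad credentials and is only distinguishable from a bad token by reading the error log. Consider catching only the malformed-credential cases explicitly (`FormatException` from the decode that presumably produces `credentialBytes`, and whatever `DecryptWithAes` throws on bad input — its implementation is not visible here) and letting other exceptions propagate to the pipeline's error handling. Also, the message passed to `LogError` is an interpolated string, which defeats structured logging (analyzer CA2254) and contains the typo "occured"; suggest `_logger.LogError(e, "An exception occurred when challenging {Scheme}", AppConstants.BASIC_AUTH_SCHEME);`. The `try` this catch belongs to is opened in an earlier hunk.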
